Who we are
Tempest Security Intelligence Limited (registered in England and Wales under company number 08175076), collects, uses and is responsible for certain personal information about you. When we do so we are regulated under the General Data Protection Regulation which applies across the European Union (including in the United Kingdom) and we are responsible as ‘controller’ of that personal information for the purposes of those laws.
The personal information we collect and use
In the course of providing security services we carry out research and obtain personal information from a number of sources (including you). These will typically include:
- Publicly accessible websites like Companies House
- Your website
- Online services and websites including social media networks and forums
- Subscription services
- The dark and deep web
As a result, we collect personal data which may include:
- Names and addresses
- Telephone numbers
- Email addresses, domain names and IP addresses
- Social media accounts and addresses
- Proof of identity e.g. passport information
- Financial information
- Details of related parties
- Personal interests
- Cryptocurrency wallet numbers
- Usernames and passwords
- Digital photographs
How we use your personal information
We use your personal information, with a legitimate interest in doing so, to:
- Provide you with our services and fulfil our obligations to you in relation to the provision of security services including environment protection, incident prevention, incident response, digital forensics, threat detection, fraud prevention, client identification and security education, in accordance with our terms of business (“Services”)
- Verify your identity and your financial circumstances with third parties
- Provide any prospective purchaser of our business with details of our business (provided they agree to only use your personal information under the same terms as we do)
- Send you news and provide you with information about our services which our similar to those in relation to which you have engaged us. You may opt out of receiving these at any time.
- Introduce you to third parties to help us to provide you with our Services.
- Invite you to events we, our clients or third parties organise which we believe you may be interested in. You may opt out of receiving these at any time.
We may work, alone or with our partners, to anonymously integrate analytic data with data that those partners have independently collected to deliver enhanced antifraud services.
Who we share your personal information with
We do not routinely share your personal data with anyone other than our sister company in Brazil. We do, however, provide some of your data to third parties in order to deliver our Services to you. These third parties include consultants and freelancers engaged by us, other providers of translation services who may assist us with delivering our Services. This data sharing enables us to provide you with the Services.
Tempest Brazil is based outside the European Economic Area — for further information including on how we safeguard your personal data when this occurs, see ‘Transfer of your information out of the EEA’ (below).
We will share personal information with law enforcement or other authorities if required by applicable law.
We will not share your personal information with any other third party.
Whether information has to be provided by you, and if so why
The provision of personal data by you is necessary to enable us to provide you with the Services. We will inform you at the point of collecting information from you whether you are required to provide the information to us.
How long your personal information will be kept
We will hold your personal data for as long as it is needed for us to provide you with the Services or for the period we are required to retain this information by applicable UK tax law (currently 6 years), whichever is the longer.
Reasons we can collect and use your personal information
We rely on our contractual obligations to you and/or the pursuit of our legitimate interest as the lawful basis on which we collect and use your personal data. Our legitimate interests are providing you with the Services.
In limited circumstances we may also rely on the need to protect your interests (or those of a third party) and/or where processing is in the public interest or for official purposes. Where we process special category personal information, we will only do so with your explicit consent.
Transfer of your information out of the EEA
We may transfer your personal information to Tempest Brazil outside the European Economic Area (EEA)
Such countries do not have the same data protection laws as the United Kingdom and EEA. Whilst the European Commission has not given a formal decision whether certain countries provide an adequate level of data protection similar to those which apply in the United Kingdom and EEA, any transfer of your personal information will be subject to obligations obliging the transferee to comply with the General Data Protection Regulation and designed to help safeguard your privacy rights and give you remedies in the unlikely event of a misuse of your personal information.
If you would like further information please contact us (see ‘How to contact us’ below). We will not otherwise transfer your personal data outside of the United Kingdom or to any organisation (or subordinate bodies) governed by public international law or which is set up under any agreement between two or more countries.
Under the General Data Protection Regulation you have a number of important rights. In summary, those include rights to:
- the fair processing of information and transparency over how we use your use personal information
- require us to correct any mistakes in your information which we hold
- require the erasure of personal information concerning you in certain situations
- receive the personal information concerning you which you have provided to us, in a structured, commonly used and machine-readable format and have the right to transmit those data to a third party in certain situations
- object at any time to processing of personal information concerning you for direct marketing
- object to decisions being taken by automated means which produce legal effects concerning you or similarly significantly affect you
- object in certain other situations to our continued processing of your personal information
- otherwise restrict our processing of your personal information in certain circumstances
- claim compensation for damages caused by our breach of any data protection laws
For further information on each of those rights, including the circumstances in which they apply, see the Guidance from the UK Information Commissioner’s Office (ICO) on individuals’ rights under the General Data Protection Regulation.
If you would like to exercise any of those rights, please:
- email, call or write to us
- let us have enough information to identify you (e.g. name and property details),
- let us have proof of your identity and address (a copy of your driving licence or passport and a recent utility or credit card bill), and
- let us know the information to which your request relates
If you would like to stop receiving information from us you can contact us. It may take up to  days for this to take place.
Keeping your personal information secure
We have appropriate security measures in place to prevent personal information from being accidentally lost, or used or accessed in an unauthorised way. We limit access to your personal information to those who have a genuine business need to know it. Those processing your information will do so only in an authorised manner and are subject to a duty of confidentiality. We also have procedures in place to deal with any suspected data security breach. We will notify you and any applicable regulator of a suspected data security breach where we are legally required to do so.
How to complain
We hope that we can resolve any query or concern you raise about our use of your information.
The General Data Protection Regulation also gives you right to lodge a complaint with a supervisory authority, in particular in the European Union (or European Economic Area) state where you work, normally live or where any alleged infringement of data protection laws occurred. The supervisory authority in the UK is the Information Commissioner who may be contacted at https://ico.org.uk/concerns/ or telephone: 0303 123 1113.
Changes to this privacy notice
This privacy notice was published on 12 December 2018.
When we do we will inform you via a banner that will be displayed on our website.
How to contact us
If you wish to contact us please send an email to write to 30 Irongate Dukes Place Aldgate, EC3A 7LP or call +44 20 3908 2090.
We employ cookie technology to help log visitors to our web site. Cookies are pieces of data that are often created when you visit a website, and which are stored in the cookie directory of your computer or mobile device. A number of cookies may be created when you visit our website. The cookies do not contain any personal information about you, and they cannot be used to identify an individual user.